14 matches found

RedhatCVE (added yesterday, 4 views)

CVE-2026-45773

Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14, Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the localhost callback. While the CLI was waiting for authentication, a malicious web page could send a...

CVSS 6.5 | AI score 5.5 | EPSS 0.00021 | Exploits: 0 | References: 1
ATTACKERKB (added 2026/02/02 10:59 p.m., 3 views)

CVE-2026-25221

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for the GitHub and Google login providers is vulnerable to login Cross-Site Request Forgery (CSRF). The application fails to implement and verify the state parameter during the...

CVSS 2.3 | AI score 5.5 | EPSS 0.00016 | Exploits: 1 | References: 3 | Affected software: 1
Vulnrichment (added 2026/02/02 10:59 p.m., 3 views)

CVE-2026-25221 PolarLearn has Multiple Login CSRFs via Missing OAuth state Parameter (GitHub & Google)

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for the GitHub and Google login providers is vulnerable to login Cross-Site Request Forgery (CSRF). The application fails to implement and verify the state parameter during the...

CVSS 2.3 | AI score 5.5 | EPSS 0.00016 | Exploits: 1 | References: 2
CNNVD (added 2025/12/19 12:00 a.m., 1 view)

FastAPI Users cross-site request forgery vulnerability

FastAPI Users is a customizable user management library from the FastAPI Users open-source project. A cross-site request forgery vulnerability exists in FastAPI Users versions prior to 15.0.2, stemming from stateless OAuth login state tokens and missing correlation data, which can lead to login CSRF...

CVSS 8.8 | AI score 6.3 | EPSS 0.00103 | Exploits: 1 | References: 5
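The three OAuth entries above (Turborepo's localhost callback, PolarLearn's GitHub/Google login, FastAPI Users' stateless login tokens) share one root cause: the callback accepts an authorization code without proving that the same user agent started the flow. The following is an added example written for this page, not code from any of those projects. It shows a callback that ignores state beside one that binds a single-use state value to the pending login; the provider URL, client ID, the localhost redirect URI, the `SESSIONS`/`CODES` stores and the token-exchange stand-in are all constructed for the demonstration. The same check applies whether the callback is served by a web app or by a CLI listening on localhost while it waits for the browser.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# In-memory stand-in for a server-side session store keyed by session cookie
# (or, for a CLI, the single pending login). Constructed for this example.
SESSIONS = {}

AUTHORIZE_URL = "https://idp.example/oauth/authorize"  # hypothetical provider
REDIRECT_URI = "http://localhost:9999/callback"         # localhost callback, CLI style

# Constructed stand-in for the provider's token exchange: code -> account.
CODES = {"code-for-attacker": "attacker@evil.example",
         "code-for-victim": "victim@example.org"}


def exchange_code_for_account(code):
    return CODES[code]


def start_login(session_id):
    """Build the authorization URL and bind a fresh, unguessable state to this session."""
    state = secrets.token_urlsafe(32)
    SESSIONS.setdefault(session_id, {})["oauth_state"] = state
    return AUTHORIZE_URL + "?" + urlencode({
        "response_type": "code", "client_id": "demo-client",
        "redirect_uri": REDIRECT_URI, "state": state})


def vulnerable_callback(session_id, callback_url):
    """Consumes whatever code arrives on the callback and never looks at state: the
    failure mode described in the Turborepo, PolarLearn and FastAPI Users entries."""
    query = parse_qs(urlparse(callback_url).query)
    return exchange_code_for_account(query["code"][0])


def hardened_callback(session_id, callback_url):
    """Requires a state equal to the one issued to this session; the state is
    single-use, so a replayed callback is rejected as well."""
    query = parse_qs(urlparse(callback_url).query)
    expected = SESSIONS.get(session_id, {}).pop("oauth_state", None)
    received = query.get("state", [None])[0]
    if expected is None or received is None or \
            not hmac.compare_digest(expected.encode(), received.encode()):
        raise PermissionError("OAuth state missing or mismatched: possible login CSRF")
    return exchange_code_for_account(query["code"][0])


def demo():
    victim = "sess-victim"
    start_login(victim)  # the victim's browser or CLI starts a flow and waits

    # A malicious page drives the victim's user agent to the callback carrying the
    # attacker's own authorization code and a made-up state.
    forged = REDIRECT_URI + "?" + urlencode({"code": "code-for-attacker", "state": "x"})
    vuln_result = vulnerable_callback(victim, forged)  # victim now logged in as the attacker
    try:
        hardened_callback(victim, forged)
        hard_result = "accepted"
    except PermissionError:
        hard_result = "rejected"

    # Genuine round trip: the provider echoes the issued state and it is accepted once.
    url = start_login(victim)
    state = parse_qs(urlparse(url).query)["state"][0]
    genuine = REDIRECT_URI + "?" + urlencode({"code": "code-for-victim", "state": state})
    genuine_result = hardened_callback(victim, genuine)
    try:
        hardened_callback(victim, genuine)  # replay of the same callback
        replay = "accepted"
    except PermissionError:
        replay = "rejected"
    return vuln_result, hard_result, genuine_result, replay


if __name__ == "__main__":
    print(demo())
```

Two details matter in practice: the comparison is constant-time and the state is removed from the session before it is compared, so a second delivery of the same callback cannot be used to log the victim into a different account later.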
SUSE CVE (added 2025/02/13 12:20 a.m., 1 view)

SUSE CVE-2025-24032

pam_pkcs11 is a Linux-PAM login module that allows X.509 certificate based user login. Prior to version 0.6.13, if cert_policy is set to none (the default value), then pam_pkcs11 only checks whether the user is able to log in to the token. An attacker may create a different token with the user...

CVSS 6.9 | AI score 6.8 | EPSS 0.00746 | Exploits: 0 | References: 7
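The weak setting beside the one that closes the gap, as an added configuration example for this page rather than anything shipped with pam_pkcs11. The `cert_policy` option and its `none`, `ca` and `signature` values are pam_pkcs11's documented configuration keywords; the file location, module path and `ca_dir` are assumptions for a typical installation and should be checked against the sample config the package installs.

```conf
# /etc/pam_pkcs11/pam_pkcs11.conf (excerpt; paths are assumptions for this example)
pam_pkcs11 {
  use_pkcs11_module = opensc;

  pkcs11_module opensc {
    module = /usr/lib/opensc-pkcs11.so;
    ca_dir = /etc/pam_pkcs11/cacerts;

    # Weak: the module only verifies that the user can unlock the token. The
    # certificate is neither chained to a trusted CA nor proven to belong to a
    # private key on that token, so an attacker-made token carrying a copied
    # certificate is accepted.
    # cert_policy = none;

    # Hardened: require a chain to a CA under ca_dir and a signature produced
    # with the token's private key that matches the presented certificate.
    cert_policy = ca,signature;
  }
}
```

A quick check on a host is `grep -n cert_policy /etc/pam_pkcs11/pam_pkcs11.conf`; an absent or `none` value means the login decision rests on token PIN knowledge alone.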
Snyk (added 2024/09/10 7:42 p.m., 1 view)

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature through the incorrect XPath selector due to improper verification of the SAML Response signature. An attacker with access to any signed SAML document can forge a SAML Response/Assertion...

CVSS 10 | AI score 6.9 | EPSS 0.44644 | Exploits: 1 | References: 2
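The Snyk entry describes the classic signature-wrapping shape: the verifier locates a Signature element anywhere in the document, checks it against whatever node it references, and then reads identity data from a different node. Below is an added example written for this page, not code from the affected package or from any SAML library. To stay offline it replaces XMLDSig, C14N and namespaces with a constructed HMAC over a deterministic serialisation (`canonical()`), so the cryptography is a stand-in; the element names, the `IDP_KEY`, the `Reference`/`Value` attributes and the hypothetical forged document are all constructed. What it does show faithfully is the selector problem: an unconstrained `.//Signature` lookup accepts a document whose only signed node has been tucked into an Extensions element, while a verifier that pins the Signature to the node it consumes rejects it.

```python
import hashlib
import hmac
import re
import xml.etree.ElementTree as ET

# Constructed stand-in for the IdP signing key (real SAML uses XMLDSig, not HMAC).
IDP_KEY = b"idp-signing-key-for-demo"


def canonical(elem):
    """Deterministic serialisation of one element, skipping an enveloped Signature
    child (a constructed stand-in for C14N with the enveloped-signature transform)."""
    attrs = "".join(f' {k}="{v}"' for k, v in sorted(elem.attrib.items()))
    body = (elem.text or "").strip().encode()
    for child in elem:
        if child.tag != "Signature":
            body += canonical(child)
    return f"<{elem.tag}{attrs}>".encode() + body + f"</{elem.tag}>".encode()


def sign(elem):
    """Append an enveloped Signature child that references elem's ID."""
    sig = ET.SubElement(elem, "Signature")
    sig.set("Reference", "#" + elem.get("ID"))
    sig.set("Value", hmac.new(IDP_KEY, canonical(elem), hashlib.sha256).hexdigest())


def signature_valid(sig, target):
    expected = hmac.new(IDP_KEY, canonical(target), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sig.get("Value", ""))


def vulnerable_subject(response_xml):
    """Signature found anywhere, reference resolved anywhere, subject read from the
    first Assertion: the verified node and the consumed node need not be the same."""
    root = ET.fromstring(response_xml)
    sig = root.find(".//Signature")
    ref = sig.get("Reference")[1:]
    target = root.find(f".//*[@ID='{ref}']")
    if target is None or not signature_valid(sig, target):
        raise ValueError("bad signature")
    return root.find("Assertion").find("Subject/NameID").text


def hardened_subject(response_xml):
    """Exactly one top-level Assertion, carrying exactly one enveloped Signature that
    references that Assertion's unique ID; the subject is read from the verified node."""
    root = ET.fromstring(response_xml)
    assertions = root.findall("Assertion")
    if len(assertions) != 1:
        raise ValueError("expected exactly one top-level Assertion")
    assertion = assertions[0]
    sigs = assertion.findall("Signature")  # direct child only, no descendant search
    if len(sigs) != 1:
        raise ValueError("expected exactly one enveloped Signature on the Assertion")
    sig = sigs[0]
    ref = sig.get("Reference", "")
    if not re.fullmatch(r"#[A-Za-z_][\w.-]*", ref) or ref != "#" + (assertion.get("ID") or ""):
        raise ValueError("Signature does not reference the Assertion it lives in")
    if len(root.findall(f".//*[@ID='{ref[1:]}']")) != 1:
        raise ValueError("referenced ID is not unique in the document")
    if not signature_valid(sig, assertion):
        raise ValueError("bad signature")
    return assertion.find("Subject/NameID").text


def idp_response_for(name, assertion_id):
    """Constructed legitimate Response in which the IdP signs the Assertion it issues."""
    root = ET.Element("Response", ID="_resp")
    a = ET.SubElement(root, "Assertion", ID=assertion_id)
    ET.SubElement(ET.SubElement(a, "Subject"), "NameID").text = name
    sign(a)
    return root


def forge_admin_response(genuine):
    """Wrapping attack: keep the genuine signed Assertion but move it into an
    Extensions node and put an unsigned 'admin' Assertion where the SP looks."""
    forged = ET.Element("Response", ID="_resp")
    fake = ET.SubElement(forged, "Assertion", ID="_forged")
    ET.SubElement(ET.SubElement(fake, "Subject"), "NameID").text = "admin"
    ET.SubElement(forged, "Extensions").append(genuine.find("Assertion"))
    return ET.tostring(forged, encoding="unicode")


def demo():
    genuine = idp_response_for("attacker", "_a1")  # any signed document the attacker holds
    genuine_xml = ET.tostring(genuine, encoding="unicode")
    forged_xml = forge_admin_response(genuine)
    results = [vulnerable_subject(genuine_xml), vulnerable_subject(forged_xml),
               hardened_subject(genuine_xml)]
    try:
        hardened_subject(forged_xml)
        results.append("accepted")
    except ValueError:
        results.append("rejected")
    return tuple(results)


if __name__ == "__main__":
    print(demo())
```

The hardened path illustrates the rule that survives the change of library: decide first which node you will trust, verify a signature that lives on and references that node, confirm the referenced ID is unique, and only then read attributes from the node you verified.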
SUSE CVE (added 2023/02/15 6:00 a.m., 1 view)

SUSE CVE-2010-1150

MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to conduct phishing attacks by arranging for a victim to login to the attacker's account and then execute a...

CVSS 6 | AI score 6.8 | EPSS 0.00411 | Exploits: 1 | References: 3
CNNVD (added 2022/04/19 12:00 a.m., 2 views)

Databasir trust management vulnerability

Databasir is a relational database model document management platform for teams. A security vulnerability exists in Databasir 1.01: an attacker can use hard-coded credentials to generate any user's login credentials and log in to the backend of a service locat...

CVSS 9.8 | AI score 8.3 | EPSS 0.00479 | Exploits: 1 | References: 7
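The Databasir entry is the hard-coded signing secret problem in general form: whoever can read the source can mint credentials for any account. As an added illustration for this page (not Databasir's code, whose token format the entry does not describe), the block below uses a constructed HMAC bearer token. `HARD_CODED_KEY`, the `APP_TOKEN_KEY` environment variable and the token layout are assumptions; the point is that the forged admin token is valid for every deployment sharing the baked-in key and worthless against a deployment whose key is generated and supplied at runtime.

```python
import hashlib
import hmac
import os
import secrets
import time
from typing import Optional

# Weak pattern: the signing key lives in the source, so it is identical in every
# deployment and in every copy of the repository. Constructed value for the example.
HARD_CODED_KEY = b"databasir-demo-hardcoded-key"


def mint_token(key: bytes, username: str, ttl_s: int = 3600, now: Optional[int] = None) -> str:
    """Issue a bearer token 'username|expiry|hmac' signed with key."""
    exp = (now if now is not None else int(time.time())) + ttl_s
    payload = f"{username}|{exp}"
    mac = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{mac}"


def verify_token(key: bytes, token: str, now: Optional[int] = None) -> Optional[str]:
    """Return the username if the token is intact and unexpired, else None."""
    try:
        username, exp, mac = token.split("|")
    except ValueError:
        return None
    expected = hmac.new(key, f"{username}|{exp}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):
        return None
    if not exp.isdigit() or int(exp) <= (now if now is not None else int(time.time())):
        return None
    return username


def load_deployment_key() -> bytes:
    """Hardened: the key comes from the environment (or a secret store) and is never
    defaulted in code. The variable name is an assumption for this example."""
    value = os.environ.get("APP_TOKEN_KEY")
    if not value or len(value) < 32:
        raise RuntimeError("APP_TOKEN_KEY must be set to at least 32 random characters")
    return value.encode()


def demo():
    now = 1_700_000_000
    # An outsider who read the source mints an admin token; the vulnerable server trusts it.
    forged = mint_token(HARD_CODED_KEY, "admin", now=now)
    accepted_by_vulnerable = verify_token(HARD_CODED_KEY, forged, now=now)

    # The same token against a server whose key is per-deployment and secret.
    os.environ["APP_TOKEN_KEY"] = secrets.token_urlsafe(48)  # set by the operator, not the code
    accepted_by_hardened = verify_token(load_deployment_key(), forged, now=now)
    return accepted_by_vulnerable, accepted_by_hardened


if __name__ == "__main__":
    print(demo())
```

When auditing for this class, search the repository history as well as the working tree: a key that was "rotated" by editing a source literal is still recoverable from earlier commits.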
Positive Technologies (added 2021/05/26 12:00 a.m., 3 views)

PT-2021-8982 · Red Hat · 3Scale Dev Portal

Name of the vulnerable software and affected versions: 3scale dev portal (affected versions not specified). Description: A flaw was discovered in the 3scale dev portal where it does not employ mechanisms for protection against login CSRF. This allows an attacker to access unauthorized information or...

CVSS 8.8 | AI score 8.4 | EPSS 0.00133 | Exploits: 0 | References: 6
OSV (added 2020/11/30 10:15 p.m., 1 view)

CVE-2020-4127

HCL Domino is susceptible to a Login CSRF vulnerability. With a valid credential, an attacker could trick a user into accessing a system under another ID or use an intranet user's system to access internal systems from the internet. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0....

CVSS 6.5 | AI score 6.6 | EPSS 0.0016 | Exploits: 0 | References: 1
OSV (added 2020/02/18 3:15 p.m., 1 view)

CVE-2020-6844

In TopManage OLK 2020, login CSRF can be chained with another vulnerability in order to takeover admin and user accounts...

CVSS 8.8 | AI score 7.3 | Exploits: 0 | References: 2
Positive Technologies (added 2019/05/14 12:00 a.m., 2 views)

PT-2025-6281 · Atlassian · Jira

Name of the vulnerable software and affected versions: Atlassian Jira versions 7.6.4 through 8.1.0. Description: A CSRF issue exists due to the login form not requiring a CSRF token. This allows an attacker to log a user into the system under an unexpected account. Recommendations: For Atlassian...

CVSS 4.3 | AI score 7 | EPSS 0.00154 | Exploits: 0 | References: 6
OSV (added 2014/04/20 1:55 a.m., 1 view)

DEBIAN-CVE-2014-2665

includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information ...

CVSS 4 | AI score 8.7 | EPSS 0.00198 | Exploits: 1 | References: 1
OSV (added 2010/04/20 3:30 p.m., 2 views)

DEBIAN-CVE-2010-1150

MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to conduct phishing attacks by arranging for a victim to login to the attacker's account and then execute a...

CVSS 6 | AI score 6.4 | EPSS 0.00411 | Exploits: 1 | References: 1
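The form-based entries in this list (3scale dev portal, HCL Domino, TopManage OLK, Jira, and both MediaWiki "correctly authenticated but unintended login" records) describe the same mechanism: a login form that any origin can submit into the victim's browser, so the victim ends up in an account the attacker controls. The following is an added example for this page, not code from any of those products. It contrasts a token-less login handler with one that requires a single-use token bound to a pre-login session, checks the Origin header when the browser sends one, and rotates the session ID on success. `USERS`, `SESSIONS`, `SITE_ORIGIN`, the `Request` shape and the credentials are constructed for the demonstration.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Constructed in-memory user table and session store for the example.
USERS = {"victim": "victim-password", "attacker": "attacker-password"}
SESSIONS = {}
SITE_ORIGIN = "https://app.example"  # hypothetical origin of the application


@dataclass
class Request:
    cookie_session: Optional[str]        # session cookie sent by the browser, if any
    form: dict = field(default_factory=dict)
    origin: Optional[str] = None         # Origin header, if the browser sent one


def new_session():
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {}
    return sid


def vulnerable_login(req):
    """No token on the form: any site can POST credentials from the victim's browser,
    and the server binds that browser to whichever account the credentials unlock."""
    user, pw = req.form.get("username"), req.form.get("password")
    if USERS.get(user) != pw:
        return req.cookie_session, None
    sid = req.cookie_session or new_session()
    SESSIONS.setdefault(sid, {})["user"] = user
    return sid, user


def render_login_form(sid):
    """Issue a per-session, single-use CSRF token when the login page is served."""
    token = secrets.token_urlsafe(32)
    SESSIONS[sid]["login_csrf"] = token
    return token


def hardened_login(req):
    """Requires a pre-login session holding the token embedded in the form (and a
    same-origin Origin header when present); on success the session ID is rotated."""
    sess = SESSIONS.get(req.cookie_session or "")
    issued = sess.pop("login_csrf", None) if sess is not None else None  # single use
    sent = req.form.get("csrf_token", "")
    if not issued or not hmac.compare_digest(issued.encode(), sent.encode()):
        return req.cookie_session, None
    if req.origin is not None and req.origin != SITE_ORIGIN:
        return req.cookie_session, None
    user, pw = req.form.get("username"), req.form.get("password")
    if USERS.get(user) != pw:
        return req.cookie_session, None
    SESSIONS.pop(req.cookie_session)  # discard the pre-login session entirely
    sid = new_session()               # fresh ID: nothing an attacker planted survives
    SESSIONS[sid]["user"] = user
    return sid, user


def demo():
    victim_sid = new_session()  # the victim is browsing the site, not logged in

    # Auto-submitting form on evil.example posts the attacker's own credentials.
    csrf_post = Request(cookie_session=victim_sid,
                        form={"username": "attacker", "password": "attacker-password"},
                        origin="https://evil.example")
    _, vuln_user = vulnerable_login(csrf_post)  # victim's browser now logged in as attacker
    _, hard_user = hardened_login(csrf_post)    # no token for this session: rejected

    # Legitimate flow: the victim loads the form (receives a token) and submits it.
    token = render_login_form(victim_sid)
    legit = Request(cookie_session=victim_sid,
                    form={"username": "victim", "password": "victim-password",
                          "csrf_token": token},
                    origin=SITE_ORIGIN)
    new_sid, legit_user = hardened_login(legit)
    return vuln_user, hard_user, legit_user, new_sid != victim_sid


if __name__ == "__main__":
    print(demo())
```

The token has to be tied to a session that exists before authentication; a token stored only in the form, or a double-submit cookie the attacker can set from a sibling subdomain, does not stop login CSRF. Rotating the session ID on login closes the companion fixation path, and checking Origin is a cheap second layer for browsers that send it.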